Exchange Server Forums

Wildcard Certificate not the same as my Internal Domain - is it possible?

Wildcard Certificate not the same as my Internal Domain... - 23.Aug.2010 3:27:39 AM   
angcartwright

 

Posts: 14
Joined: 12.Oct.2009
Status: offline
I was wondering if it's possible to use a wildcard certificate (*.extcompany.com) that is different to my internal domain name (intcompany.com) in my Exchange 2010 environment. In effect it will mean my certificate does not match the FQDN of the servers.

So far I can get everything working EXCEPT Outlook Anywhere. I've done this by changing the URLs in the CAS server (EWS, OWA, ECP) to be OWA.extcompany.com.


Any help/advice will be appreciated.

Thanks


< Message edited by angcartwright -- 23.Aug.2010 4:19:27 AM >
Post #: 1
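
The name-matching question raised in the post above, as an added example that is not part of the original thread: it checks which service hosts a wildcard name such as *.extcompany.com covers, using the common rule that the wildcard stands for exactly one left-most label. The hosts cas01.intcompany.com and mail.eu.extcompany.com and the URL list are constructed for illustration.

```python
from urllib.parse import urlsplit

def name_matches(pattern, host):
    """True if a certificate name covers host. '*' is honoured only as the
    whole left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice: require two fixed labels, so '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered(cert_names, urls):
    """Return the hosts from urls that no certificate name covers."""
    hosts = [urlsplit(u).hostname for u in urls]
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]

# Names on the certificate (from the post) and constructed service URLs.
CERT_NAMES = ["*.extcompany.com"]
SERVICE_URLS = [
    "https://OWA.extcompany.com/owa",                 # published name from the post
    "https://OWA.extcompany.com/EWS/Exchange.asmx",
    "https://extcompany.com/owa",                     # bare domain: one label short
    "https://mail.eu.extcompany.com/owa",             # two labels under the wildcard
    "https://cas01.intcompany.com/rpc/rpcproxy.dll",  # internal server FQDN (constructed)
]

if __name__ == "__main__":
    for host in uncovered(CERT_NAMES, SERVICE_URLS):
        print("not covered by certificate:", host)
```

Any URL a client or reverse proxy connects to with a host listed as not covered will fail certificate name validation, which is why every published service URL has to sit directly under the wildcard's domain.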
RE: Wildcard Certificate not the same as my Internal Do... - 23.Aug.2010 5:12:56 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

Outlook Anywhere should work. What is the exact error you get?

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to angcartwright)
Post #: 2
RE: Wildcard Certificate not the same as my Internal Do... - 24.Aug.2010 12:13:09 AM   
angcartwright

 

Posts: 14
Joined: 12.Oct.2009
Status: offline
Thanks for the reply.

Internally it works; externally through TMG 2010 I get "The connection to Microsoft Exchange is unavailable", etc.
OWA works externally. The only thing I can think is there's a problem with my certificate, hence the wildcard cert question.

These are the logs on the TMG:


When I connect I see in the logs:

Allowed Connection TMG-001-001-02 23.08.2010 09:41:09
Log type: Web Proxy (Reverse)
Status: 503 Service Unavailable
Rule: Outlook Anywhere
Source: Internal (xx.xxx.xxx.xxx:50483)
Destination: Local Host (webapp.domain.com 172.16.12.10:443)
Request: RPC_OUT_DATA http://webapp.domain.com/rpc/rpcproxy.dll?webapp.domain.com:6004
Filter information: Req ID: 09f0e329; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: (LDAP)joeb
Additional information
Client agent: MSRPC
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40000008 (Request includes the AUTHORIZATION header. Response should not be cached.)
Processing time: 47 MIME type:

Then I get:
Failed Connection Attempt TMG-001-001-02 23.08.2010 09:41:09
Log type: Web Proxy (Reverse)
Status: 64 The specified network name is no longer available. 
Rule: Outlook Anywhere
Source: Internal (xx.xxx.xxx.xxx:50482)
Destination: Local Host (webapp.domain.com 172.16.12.10:443)
Request: RPC_IN_DATA http://webapp.domain.com/rpc/rpcproxy.dll?webapp.domain.com:6004
Filter information: Req ID: 09f0e327; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: (LDAP)joeb
Additional information
Client agent: MSRPC
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 891 MIME type:


Any help would be appreciated.

Thanks

(in reply to jveldh)
Post #: 3
RE: Wildcard Certificate not the same as my Internal Do... - 24.Aug.2010 3:01:03 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Hi,

It looks like it can find this server:

webapp.domain.com

Can you please check if the DNS entry is resolvable from internal?

_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to angcartwright)
Post #: 4
RE: Wildcard Certificate not the same as my Internal Do... - 25.Aug.2010 12:51:53 AM   
angcartwright

 

Posts: 14
Joined: 12.Oct.2009
Status: offline

webapp.domain.com is resolvable internally but to the public IP address.

In the TMG settings there's a tab "This rule applies to this published site" and I have the internal name there.

Thanks

(in reply to jveldh)
Post #: 5
